Join ARN

Whaling emerges as major cybersecurity threat

Fraudsters are using legitimate executive names and email addresses to dupe unsuspecting employees to wire money or sensitive documents to their accounts. The CTO of the Boston Celtics, for one, is fighting back.

Distributors

A clever variant of phishing scams is proliferating among enterprises, forcing CIOs to up their game even as they are still refining their cybersecurity practices to contend with various zero-day attacks. Called whaling, the social engineering grift typically involves a hacker masquerading as a senior executive asking an employee to transfer money.

Jay Wessland, CTO of the Boston Celtics.

"We have seen a few of those," says Jay Wessland, CTO of the Boston Celtics. He says a typical example he's seen involves someone pretending to be CEO or CFO who emails a high-level employee in the finance department to wire money or W2 tax forms. He says whaling attacks, a form of business email compromise also known as "CEO fraud," have increased over the past few months.

Unlike typical phishing or spearphishing scams, in which an attacker typically includes a malicious URL or attachment, whaling is a pure social engineering hack targeting relationships between employees, says Steve Malone, director of security product management at Mimecast. Whaling fraudsters either gain access to an executive's email inbox, or email employees from a fake domain name that appears similar to the legitimate domain name. They ask the intended recipient to take some action, such as moving money from a corporate account to an account the fraudster has set up, Malone says.

An example of a whaling email scam.(Click for larger image.)

Often, the language and phrasing of the email request are designed to sound similar to those that might come from CEOs, CFOs and finance staff. The notes may begin with a simple greeting, such as "Hello, how are you," and inquire if the recipient is in the office, a seemingly natural query. Then they'll ask the potential victim to trigger a money transfer, issue a bank payment, or email a W2 or some other sensitive document. "There's no way to spy that as bad," Malone says. "The content is human-written so a spam filter won't pick it up and it's hard to detect because there are no links or attachments."

Wessland says such attacks are impossible to pick up with basic spam-filtering technologies, noting that hackers will simply keep creating new fake domains from which to send their targeted messages. "You have to inspect the header of mail more intimately," says Wessland, who is responsible for safeguarding 200 employee email inboxes.

Throwing a net around the whaling problem

Vendors such as Microsoft, Proofpoint, Cloudmark and Mimecast are building tools to help companies defend against these attack. Mimecast, which makes cloud software designed to spot and quarantine phishing emails with malicious attachments and URLs, has just launched a tool designed to harpoon whaling. Called Impersonation Protect, the software's algorithms analyze the language content of emails as they come in through a corporate server. It looks for key indicators, beginning with whether the source name actually works for the company.

The software will then parse the email content for requests that includes keywords and phrases such as "W2" or "wire transfer," and provides a probability score that a target email is either safe or malicious. "One indicator in isolation is not bad, but two together could be fishy," Malone says. A third indicator -- and one unlikely to be caught by one of the corporate employees -- is that the attackers will register a domain similar to the victim company's name. For example, an attacker trying to spoof Mimecast employees might register the domain header "Minecast" and send email from it. CIOs can set policies in Impersonation Protect, programming it to reject suspicious mail or quarantine it for review, Malone says.

The Celtics’ Wessland says he will begin using Impersonation Protect in conjunction with Mimecast's URL and attachment-protection software this month. "Hopefully the automated tool will detect a lie and block or quarantine it and I can go and review it," Wessland says.

How afraid is Wessland of whaling attacks? About as afraid as he is of any cybersecurity threat and targeted attacks. He says he uses a number of desktop antivirus, gateway antivirus and application security tools to fend off attackers. "No matter what you do there always seems to be things that happen and that’s a concern," Wessland says. "All of those things keep me up at night."

ARN Distributor Directory

ARN Vendor Directory

Slideshows

​Inside the new HP Customer Welcome Centre in Sydney…

HP unveiled its new Customer Welcome Centre (CWC) in Sydney this week, following on more than a year after the vendor opened the doors of its Experience Centre in Melbourne (MEC). The new space offers on-site HP technicians and visiting channel partners the ability to reconfigure equipment and put together tailored solutions based on the needs of individual end clients or target vertical markets. The centre can also be booked by customers and partners for meetings, events, workshops, seminars, and training. Photos by HP.

Zscaler Australia toasts the channel at Xmas drinks

Zscaler recently hosted its partner update and Christmas drinks event in Australia where more than 20 partners attended the event at the QT hotel in the Sydney. The event provided a forum for the company to update its Australian partners on the company's strategy for cloud security in the year ahead. It was also a great opportunity for the company to introduce Sean Kopelke as country manager for A/NZ. The event ended with Christmas drinks and a celebration of momentum gained in 2016.

IN PICTURES: ​Nutanix X Tours

Nutanix recently held two ‘X Tours’, which brought the company’s flagship event .NEXT to Brisbane and Melbourne. Customers and partners got a firsthand look at the new era of IT and exposure to the potential of the Nutanix Enterprise Cloud platform. Both events featured key speakers both from Nutanix and its partners.

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Related Whitepapers

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.